google-surf-mcp-search

SUSPICIOUS. The core search-and-extract capability matches the stated purpose, and installation is via standard npm/GitHub channels rather than obvious malware delivery. However, the skill’s footprint is broader than necessary because it supports arbitrary URL fetching, optional private-IP access, TLS bypass, and no-sandbox operation; combined with external-content ingestion, this creates meaningful SSRF and prompt-injection risk. Publisher/repo ownership mismatch adds trust uncertainty, but there is not enough evidence here to call it malicious.